risk management for government contractors - … management for government contractors may 7, 2015...

Risk Management for Government Contractors

May 7, 2015

By: Gregory A. Garrett, CPCM, CPSM., PMP

President & CEO, GCS International

National Contract Management Association (NCMA) Seminar

Risk Management for Government Contractors Key Topics of Discussion: • Government Contracting Risk Management:

Myths & Best Practices

• Opportunity & Risk Management (ORM) Process & Tools

• Contract Management Risk and Opportunity Assessment Tool (CMROAT)

• Q&A

What are the Top Three Risks for Government Buyers?

Reference Text pg. 2: Risk Management for Complex U.S. Government Contracts and Projects, by Gregory A. Garrett, NCMA, 2009.

• The products or services will not be of satisfactory quality. • The products or services will not be performed or

delivered on time. • The products or services will cost more than the original

contractor estimate.

What are the Top Risk Factors for Government Contractors?

• Non-compliance with detailed Federal Acquisition Regulation (FAR) and government agency FAR supplements,

• Non-compliance with government Cost Accounting Standards (CAS),

• Unstable contract/program requirements, • Political and media pressures, • Unstable contract/program life-cycle funding, • Accelerated or delayed delivery schedules, • Variations in quantity, and • Increased government oversight of contractors.

Text: pg. 2

What is Risk Management?

Risk Management, the ability to efficiently and cost effectively mitigate potential problems, is fundamental to good business in both the public and private sectors.

What is Government Contracting Risk Management

10 Common Myths

Myth #1

Risk management is well defined, cost-effectively practiced, and successfully implemented by most government contractors.

Myth #1

Text: pg. 3

Reality: Most government contractors do not have a comprehensive or life-cycle risk management methodology for their business. Risk management is often fragmented by functional areas. Some organizations do take the time to conduct a risk identification and assessment as part of their bid/no-bid process. While other government contractors, who are in a zeal for a deal, bid nearly everything and then hope and pray they can deliver on their promises. Risk management best practices are often not efficiently or cost-effectively flowed down from prime contractors to their respective subcontractors, often resulting in late deliveries, higher costs, reduced profits, and upset government customers.

Myth #2

Text: pg. 3

The use of a firm-fixed-price (FFP) government contract places all risk on the contractors.

Myth #2

Text: pg. 3

Reality: The government also shares in the risk associated with FFP pricing arrangements. The government has the risk that the selected contractor may not adequately perform the work thus requiring a remedy for the contractor’s failure to deliver (i.e., withholding of payment, liquidated damages, termination for default, etc.) The government also has the risk of unclear definition or specification of the requirements and deliverables. It is entirely possible for a contractor to perform the work as required and specified by the government, yet the government still does not get what it really needs or wants because of the government’s inadequate statement of requirements. In addition, FFP government contracts may contain certain government contractual obligations—government furnished property (GFP), government furnished equipment (GFE), and/or government furnished information (GFI)—in accordance with FAR Part 45.

Myth #3

Text: pp. 3-4

The creation of a performance-based contract (PBC) will reduce risks and ensure the government obtains successful contract/project results.

Myth #3

Text: pp. 3-4

Reality: Unfortunately, many government agencies do not properly create performance-based contracts, often resulting in higher risks and poor to mediocre performance results. For example, many government agencies suffer from the following challenges:

• Incomplete or inadequate performance work statements (PWSs) or statements of objectives (SOOs);

• Use of an overly detailed and highly prescriptive statement of work (SOW);

• Insufficient quality assurance surveillance plans; • Poor selection of performance standards and metrics to drive contractors

to high-performance results; • Inappropriate contract incentive plans, or failure to properly administer

and reward superior results or apply penalties for poor performance; or • Inadequate post-award contract administration support due to shortage

of resources, inadequate training, and poor quality control.

Myth #4

Text: pg. 4

The use of government-furnished property (GFP) will always reduce the cost and risk of the contract/project.

Myth #4

Text: pg. 4

Reality: Sometimes GFP does reduce the cost and risk of the contract or project, but many times it does not. In fact, some government contractors refer to GFP as “government-furnished problems” because the government property is frequently delivered late, damaged, or defective. Plus, the government property requirements stated in FAR Part 45 can add additional costs for the marking/identification, tracking, maintenance, transportation, and documentation of the subject property.

Myth #5

Text: pg. 4

All risk factors can be identified, quantified, and mitigated.

Myth #5

Text: pg. 4

Reality: If a government agency or government contractor develops and practices risk management as an integrated aspect of all of their business activities, and uses knowledge management throughout the project life cycle, then most risk factors can be identified, quantified, and mitigated. However, many organizations do not practice risk management as an integrated aspect of all of their business activities. Plus, most organizations have not fully embraced the power of capturing, sharing, and reusing knowledge to enhance risk management.

Myth #6

Text: pg. 4

The longer and more detailed the government’s solicitation planning and source selection process, the more likely it will reduce risk and obtain high performance outcomes from the contractors.

Myth #6

Text: pg. 4

Reality: It is not the quantity of people or total time spent; rather, it is the quality of the people and their respective knowledge, experience, dedication, and executive-level commitment that typically determines whether a government agency’s acquisition planning yields high-performance outcomes from the selected contractors.

Myth #7

Text: pp. 4-5

The more competitors in a federal procurement, the better the competition.

Myth #7

Text: pp. 4-5

Reality: Again, the quantity of bidders does not necessarily directly relate to the quality of the competition. Sometimes, there may be only one or two high-quality providers of the needed products, services, or solutions. Thus, seeking three or more bids/proposals may actually result in higher acquisition costs due to a longer bid/proposal evaluation process and related source selection activities.

Myth #8

Text: pg. 5

All government contractors are crooks.

Myth #8

Text: pg. 5

Reality: Most government contractors are honest, reliable, and dedicated companies focused on supporting government agencies in achieving their respective mission requirements while meeting their stakeholders’ objectives. Unfortunately, there is a relatively small percentage of government contractors who do act illegally and their bad actions are frequently publicized by the press and Congress, creating a very negative perception of the industry.

Myth #9

Text: pg. 5

Project management and contract administration are less important to risk management than acquisition strategic planning and source selection.

Myth #9

Text: pg. 5

Reality: Project management and contract administration are in fact just as important, if not more so, to risk management than the acquisition strategic planning and source selection. Said simply, it is good to have an effective plan and a qualified contractor, but it is better to ensure project execution of the plan and contractor delivery of the promised results. Too often, both government agencies and government contractors are in such a zeal for the deal, they focus nearly all of their resources on the pre-award and post-award phases of the acquisition and too little resources on the critical post-award project management and contract administration activities.

Myth #10

Text: pg. 5

Past Experience = Successful Performance.

Myth #10

Text: pg. 5

Reality: Solely because a person or organization has experience in providing a product, service, or solution in the past does not necessarily mean that the individual or entity will be successful in delivering a similar product, service, or solution in the future. In fact, if the individual, organization, or company has a track record of poor performance in their past experience, then it is quite likely they will have challenges in achieving successful performance outcomes in the future. Clearly, the lowest risk scenario is to find a contractor with extensive experience, expertise, and demonstrated high-performance results on delivery of similar products, services, and solutions.

Risk Management Best Practices

Text: pg. 5

• In order to reduce business risks and optimize performance results in the federal marketplace, both government agencies and government contractors should develop a comprehensive or holistic approach to risk management.

• A comprehensive approach to risk management should appropriately address the “Four Ps” to success: people, processes, performance, and price.

Life-Cycle Risk Management

Text: pg. 6

4 Ps Proven Best Practices People • Select highly qualified, competent, and certified business professionals.

• Provide appropriate individual, team, and organizational performance standards, metrics, and incentives.

• Provide timely professional continuing education, cross-functional education and experience, and on-the-job training in risk management.

• Provide timely and appropriate performance feedback. • Develop realistic requirements and delivery schedules. • Develop and implement an effective mentor/coaching program. • Ensure effective training in risk management processes and tools are

provided. • Create and consistently practice a “tone at the top” message of the

need and value of life-cycle risk management. • Use expert consultants as needed—seek advice.


Text: pg. 6

4 Ps Proven Best Practices Processes • Develop an integrated life-cycle risk management process that appropriately

addresses all functional areas of the organization of each contract from beginning to end.

• Incorporate knowledge management tools to ensure knowledge is captured, shared, and reused before, during, and after work is performed throughout the contract/project life cycle.

• Practice disciplined systems engineering and program management. • Implement an effective earned value management system (EVMS). • Use multi-year procurement (MYP) and multi-year funding (MYF) to ensure

stable funding. • Develop and use an effective cost estimating and accounting system. • Ensure risk identification tools and techniques are developed and appropriately

implemented. • Provide effective processes and tools to assess the probability and financial

impacts of potential risks (technical, schedule, and contract). • Allocate funds for appropriate risk mitigation planning and actions.


Text: pp. 6-7

4 Ps Proven Best Practices Performance • Terminate all or part of poor performance programs as soon as possible.

• Remove poor individual performers if they are not adding value to the team and project.

• Remedy or terminate poorly performing subcontractors. • Manage contract changes. • Create a performance-based culture within your team and organization. • Communicate your organization’s and team’s vision, mission, and

performance goals. • Develop performance-based contracts with your clients and suppliers. • Create an effective ethics and compliance internal control system. • Practice risk management using a life-cycle risk management process. • Ensure regulatory and contract compliance.


Text: pg. 7

4 Ps Proven Best Practices Price • Select appropriate pricing arrangements given the risk vs. reward

opportunity. • Ensure life-cycle costs are properly included in the budget and contract

funding. • Create a management reserve in the project budget. • Avoid buy-in situations. • Price and negotiate contract changes appropriately. • Select and tailor contract terms and conditions to properly address items

not priced into the contract. • Use appropriate cost estimating methods and techniques. • Conduct price analysis and/or cost analysis. • Obtain independent cost estimates.

1. How well does your organization address the holistic nature of risk management?

2. How cost-effectively and efficiently does your organization mitigate contract and project risk factors?

3. How successful is your organization in achieving high-performance business results on a consistent basis?

Questions to Consider

Text: pg. 7

The Opportunity and Risk Management Process

What is Opportunity?

Opportunity is the measure of the probability of an opportunity event (a positive desired change) occurring and the desired impact of that event.

Text: pg. 11

What is Risk?

Text: pg. 11

Risk is the measure of the probability of a risk event (an unwanted change) occurring and the associated effect of that event. In other words, risk consists of three components:

• A risk event (an unwanted change), • The probability of occurrence (uncertainty), and • The significance of the impact (the amount at stake).

How Would You Define Risk in the World of Federal Acquisition Management?

Text: pg. 11

Risk is defined by the Department of Defense (DOD) as a measure of future uncertainties in achieving program performance goals and objectives within defined cost, schedule, and performance constraints. Specified areas of potential risk are provided in the chart below.

DOD Risk Areas, Definitions, and Examples Risk Area Definition Significant Risks

Threat Sensitivity to uncertainty of threat description.

• Uncertainty in threat accuracy. • Sensitivity of design and technology to

threat. • Vulnerability of system to threat and

threat countermeasures.

DOD Risk Areas, Definitions, and Examples

Text: pg. 12

Risk Area Definition Significant Risks Requirements Sensitivity to uncertainty in

the system description and requirements.

• Operational requirements vaguely stated or not properly established.

• Requirements not stable. • Required operating environment not

described. • Requirements too constrictive—identify

specific solutions that force high cost. Design Degree to which system

design could change if the threat parameters change.

• Design implications not sufficiently considered in concept exploration.

• System will not satisfy user requirements. • Mismatch of user manpower or skill

profiles with system design solution or human machine interface problems.

• Design not cost effective. • Design relies on immature technologies or

“exotic” materials to achieve performance objectives.


Text: pg. 12

Risk Area Definition Significant Risks Modeling and Simulation (M&S)

Adequacy and capability of M&S to support all life-cycle phases.

• Same risks contained in the significant risks for test and evaluation.

• M&S are not verified, validated, or accredited for the intended purpose.

• Program lacks proper tools and M&S capability to assess alternatives.

Technology Degree to which technology has demonstrated maturity to meet program objectives.

• Program depends upon unproven technology for success—there are no alternatives.

• Program success depends on achieving advances in state-of-the-art technology.

• Potential advances in technology will result in less than optimally cost-effective system or make system components obsolete.

• Technology relies on complex hardware, software, or integration designs.

Logistics Ability of the system configuration and documentation to achieve logistic objectives.

• Inadequate supportability late in development or after fielding, resulting in need for engineering changes, increased costs, or schedule delays.

Text: pg. 13

Risk Area Definition Significant Risks Concurrency Sensitivity to uncertainty resulting

from combining or overlapping phases or activities.

• Immature or unproven technologies will not be adequately developed before production.

• Production funding will be available too early—before development effort has sufficiently matured.

• Concurrency established without clear understand of risk.

Industrial Capabilities

Abilities, experience, resources, and knowledge of the provider to design, develop, manufacture, and support the system.

• Contractor has poor track record relative to costs and schedule.

• Contractor experiences loss of key personnel. • Prime contractor relies excessively on

subcontractors for major development efforts. • Contractor will require significant capitalization to

meet program requirements. Cost Ability of system to achieve life-

cycle support objectives; includes effects on budgets, affordability, and effects of errors in cost estimating techniques.

• Realistic cost objectives not established early. • Excessive life-cycle costs due to inadequate

treatment of support requirements. • Significant reliance on software.


Text: pg. 14

Risk Area Definition Significant Risks Schedule Sufficiency of time allocated for

performing the defined acquisition tasks.

• Schedule not considered in trade-off studies.

• Schedule does not reflect realistic acquisition planning.

• Acquisition program baseline schedule objectives not realistic and attainable.

• Resources not available to meet schedule. Management Degree to which program plans

and strategies exist and are realistic and consistent.

• Subordinate strategies and plans are not developed in a timely manner or based on the acquisition strategy.

• Proper mix (experience, skills, stability) of people not assigned to Program Management Office or to contractor team.

• Effective risk assessments not performed or results not understood and acted upon.



Text: pg. 14

Risk Area Definition Significant Risks External Factors

Availability of government resources external to the program office required to support the project, such as facilities, resources, personnel, government-furnished equipment, etc.

• External government resources are unknown or uncertain.

• Little or no control over external resources.

• Changing external priorities are a threat to performance.

Budget Sensitivity of program to budget changes and reductions.

• Budget practices (releasing funds, quarterly or monthly) negatively affect long-term planning processes.

• Budget changes or reduction can negate contractual arrangements and continuity of operations.

Earned Value Management System (EVMS)

Adequacy of the contractors EVMS process and realism of integrate baseline.

• Baseline proves unrealistic. • Accurate and meaningful measures

difficult to obtain. • Contractor’s EVMS does not effectively

support project tracking.

The Opportunity and Risk Management Process

Text: pg. 20

Opportunity and Risk Management Six-Step Model

Text: pg. 23

Project Risk Mitigation Form

Text: pg. 25

Opportunity and Risk Management Worksheet

# Opportunity or Risk Event

Probability % or

H, M, L

Impact $ or

H, M, L

Priority 1, 2, 3 or H, M, L

Develop Opportunities or Risk Mitigation

Strategy

Contract/ Project Status

Project Doability Analysis

Text: pg. 27

Project Doability Analysis (Cont’d)

Text: pg. 28

Contract Management Risk and Opportunity Assessment Tool (CMROAT)

Text: pg. 236

CMROAT© was designed to help organizations, both buyers and sellers, assess the risk and opportunities associated with a potential or actual contract. The tool was originally designed for use by buyers and has evolved to provide a similar assessment capability for sellers in both the U.S. government and commercial markets worldwide. The tool provides a high-level, first-pass evaluation of the risks and opportunities associated with a contract. The tool is intended to be completed by the contract manager, project manager, and other functional team members. The best time to use CMROAT is prior to contract award.

Using CMROAT in Four Steps

Text: pg. 236

The process of performing the risk and opportunity assessment involves four basic steps: 1. There are two versions of CMROAT©, one for buyers (CMROAT-BP©)

and one for sellers (CMROAT-SP©). Select the appropriate version and complete the survey.

2. Evaluating the risk. Answer a series of 10 questions on risk analysis, with a score for each to be calculated. The questions have been weighted on a scale of 1 (low) to 5 (high) in terms of their relative importance to each other. The score is calculated by multiplying the raw score (risk factor – R) by the pre-established weight value (W). The total risk score for each question is then calculated and entered into the space provided, resulting in the total risk score on each page. Then, transfer the total risk score for each question to the summary scorecard. After completing all 10 questions on risk analysis, add up the grand total risk on the summary scorecard.

Using CMROAT in Four Steps

Text: pg. 236

The process of performing the risk and opportunity assessment involves four basic steps: 3. Evaluating the opportunity. Likewise, answer a series of 10 questions on

opportunity analysis and calculate a score for each. The questions have been weighted on a scale of 1 (low) to 5 (high) in terms of their relative importance to each other. This score is calculated by multiplying the raw score (opportunity factor – O) by a pre-established weight value (W). After each question has been scored, transfer the total opportunity score to the summary scorecard. After completing all 10 questions on opportunity analysis, add up the grand total opportunity on the summary scorecard.

4. Mapping the risk and opportunity to the matrix. The grand total scores for risk and opportunity are plotted on the matrix. The location of this score on the matrix helps determine the extent of opportunity and the level of risk that will need to be managed to ensure on-time delivery of quality products, services, or solutions at a fair and reasonable price.

CMROAT – Seller’s Perspective

The process of performing the risk and opportunity assessment involves four basic steps:

10 Risk Elements 10 Opportunity Elements 1. Buyer Commitment 2. Contract Timetable 3. Contract Duration 4. Seller’s Previous Experience 5. Seller’s Participation in Contract

Definition 6. External Resource Coordination 7. Requirements Evaluation Time Frame 8. Technology and Product Maturity 9. Geographic Distribution 10. Contract Manager’s Assessment

1. Promotes Seller’s Strategic Direction 2. Revenue Generated 3. Margin Strategy 4. Future Business Potential 5. Provides Added Experience

and/or New Skills 6. Resource Utilization 7. Buyer Favors the Seller 8. Products and Services are all the Sellers 9. Presale Expense 10. Contract Manager’s Assessment


Text: pg. 237

Risk Analysis The Seller’s Perspective

Text: pg. 237

Opportunity Analysis The Seller’s Perspective

Text: pg. 242

Text: pg. 247


Text: pg. 248


Text: pp. 249-258

CMROAT – Buyer’s Perspective 10 Risk Elements 10 Opportunity Elements

1. Buyer’s Executive Commitment to Resources and Budget

2. Contract Delivery Schedule 3. Contract Performance Period 4. Supplier’s Past Performance 5. Changing Contract Requirements 6. Level/Extent of Outsourcing 7. Procurement Acquisition Lead Time 8. Technology and Product Maturity 9. Geographic Manager’s Assessment 10. Contract Manager’s Assessment

1. Contract Promotes the Buyer’s Strategic Direction

2. Seller Offers the Lowest Price Technically Acceptable

3. Seller Offers Rapid Delivery 4. Use of Breakthrough Technology 5. Provides Value-Added Experience and/or

New Skills 6. Ease of Procurement 7. Doing Business with a High-Quality

Small Business 8. Seller Offers Lowest Life-Cycle Cost to

Buyer 9. Reduced Procurement Expense 10. Contract Manager’s Assessment

Text: pg. 249

CMROAT – Buyer’s Perspective

Text: pg. 249

Risk Analysis The Buyer’s Perspective

Text: pg. 254

Opportunity Analysis The Buyer’s Perspective

Text: pg. 259


Text: pg. 260


Interpreting Results

Text: pg. 261

According to the CMROAT user surveys and interviews, most people find CMROAT simple to use and very effective in providing a quick high-level risk and opportunity assessment. Typically, we find organizations receive the best value from their use of CMROAT when they have five or more representatives/team members from different functional departments or organizations complete the survey tool and compare results. In the case of CMROAT, as in any assessment tool, the real value to the organization using the tool is in analyzing the results, then discussing and implementing appropriate actions that should be taken to further improve business performance. Numerous organizations in the aerospace, defense, engineering, electronics, telecommunications, and other industries have used CMROAT or other modified versions as an effective tool to conduct a quick multifunctional assessment of risk versus opportunity on a proposed or actual contract. *This tool is a modified extract from the book, Contract Management Organizational Assessment Tools, by Gregory A. Garrett and Dr. Rene Rendon, NCMA 2005.

Thank you!

If you have additional questions contact:

Gregory A. Garrett, CPCM, CPSM, PMP President & CEO GCS International

703-758-9443 [email protected]

risk management for government contractors - … management for government contractors may 7, 2015...

Documents